Issue:
1. Home: China Unicom IPv6 fiber, 300M bandwidth, Mercury D196G finished router
2. The company is IPv4 LAN fixed IP
3. I want to implement corporate IPv4 access to the IPv6 PC at home
4. I don't want to use any Peanut Shell hardware or third-party remote desktop software such as Sunflower Remote or TeamViewer
5. Pay attention to safety and don't want to be caught. Especially for company computers, personal computers can still do the full grid of the system if they are caught.
6. I hope the big guy can provide a complete idea; if you have time, you can give the complete steps. Thank you very much!
Response:
Your situation is the same as mine: there is a public V6 address at home without a public V4 address, and the company has a public V4 address without a public V6 address, or even no V6 address at all. Getting the two sides to visit each other is something I have been playing with for a long time. You can only access a V4 address from a V4 address, so the V6 address at home is useless here and you can't use it. I hope this answer can help you.
Wg Gen Web's Server page
You mentioned in the second point that the company is on an IPv4 LAN with a fixed IP. I want to ask: is your fixed IP a fixed intranet address or a public network address? It doesn't matter whether the public address is fixed or not; the important thing is whether there is a public network address and a port that you can control.
If you have a public network address and a controllable port (a controllable port means being able to do port forwarding on the router connected to the external line, or to enable UPnP), it is very simple and you can do the interconnection entirely by yourself. If not, you must rely on external help, and for that there are hardware solutions and software solutions.
Wg Gen Web creates a client profile interface
First of all, let me introduce my setup; I can run 3 setups at the same time. My environment: the company is on telecom government and enterprise broadband, gigabit downlink and 100 megabit uplink, with a non-fixed public IP. The main router is a pfSense firewall; I have the password and can adjust the port mapping by myself. At home I have Unicom home broadband, 500M/40M, IPv6, no public V4 address, and the home router is an OpenWrt soft router.
Wg Gen Web's status monitoring interface
Option A, the WireGuard solution implemented with Wg Gen Web, is the one I use now. It establishes a port mapping on the main router that maps port 21820 to port 21820 on one of my own computers (called WG Server for the time being). I installed Ubuntu 22.04 on that computer, installed the Docker environment, installed Portainer to manage Docker, installed Wg Gen Web, DDNS-go and the Homebox intranet speed test in Docker, changed the WireGuard port to 21820, created client configuration files on the Wg Gen Web page, and let all clients actively connect to WG Server through a DDNS domain name. WireGuard is installed on mobile phones, tablets, home computers, and routers, all of which can connect to the company network, and because of the 100 Gigabit upload of government and enterprise broadband, the speed test is basically 100M full speed.
Speed test from home to the company's intranet
Plan B is a self-hosted DERP solution for Tailscale, kept as a backup. The principle is also very simple: the DERP port on the main router is mapped to my own computer, the DERP service and the Tailscale client are installed on that computer, the Tailscale ACL file is modified to point to the self-built DERP server, and all other clients only need the Tailscale client installed. This solution was reduced to a backup because installing and configuring the clients is not as convenient as with WireGuard. The feature of my solution is that there is no need to establish a P2P connection between Tailscale clients: because the DERP server has a public IP, they get good network quality through the TCP connection relay.
Plan C is the solution I used in the early days, using two Dandelion routers (or Dandelion boxes) for virtual networking. This is still the best solution for people who do not have access to the main router. It can be seen that the core of my A and B solutions is actually a public network IP plus a controllable port, which many people cannot have: either the administrator does not let you set it up, or you have the password but can't adjust it, and a careless adjustment may also cause a large-scale failure of the company's network. The specific method is to put a Dandelion device in the company and one at home (the Dandelion box is best, but the Dandelion router can also be used). The routers of the company and home networks do not need any configuration, although being able to turn on UPnP will make your interconnection quality much higher. In the Dandelion management interface, establish a virtual network and just add these two devices to it. The free version can accommodate up to 3 members, so you can also have a mobile client as a virtual network member; I installed the Dandelion client on the iPad.
To sum up, if there is a public IPv4 address at either end, company or home (it doesn't matter whether it is fixed or not), and you can do port mapping on the main router, then WireGuard, Tailscale or ZeroTier can be used. If either of these two conditions cannot be met, use the Dandelion hardware solution: less than 100 yuan, no follow-up usage fee, wire-speed access when P2P succeeds, and the 2M transit bandwidth provided by Dandelion when it does not. Or, without any of the above solutions, you can just buy a lightweight application server for intranet penetration: for less than 100 yuan per year you can enjoy about 300G of traffic per month and 3M bandwidth, and you need to buy a better server if you need higher traffic and bandwidth.
I hope it can help you solve your own problems. As for my specific implementation, I'll see whether many people follow up; if there are more, I will do a tutorial.
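
An added example, not part of the original answer and not Wg Gen Web's own code: a small audit for the server-side WireGuard config behind the Option A port mapping on 21820. On the server, each peer's AllowedIPs decides which source addresses that client may use inside the tunnel, so the script flags peers wider than a single host for review, along with peers that have no PresharedKey. The sample config, its addresses and the key placeholders are constructed.

```python
import ipaddress

# Constructed sample of a server-side wg0.conf for the Option A layout.
# Port 21820 is from the post; addresses and key placeholders are made up.
SAMPLE_CONF = """\
[Interface]
Address = 10.6.6.1/24
ListenPort = 21820
PrivateKey = <server-private-key>
[Peer]
PublicKey = <phone-public-key>
PresharedKey = <phone-psk>
AllowedIPs = 10.6.6.2/32
[Peer]
PublicKey = <router-public-key>
AllowedIPs = 10.6.6.0/24, 192.168.0.0/16
"""

def parse_wg(text):
    """Split a wg-quick style file into (section, {key: value}) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)          # base64 keys end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit(text, expected_port=21820):
    """Return review findings for a server-side WireGuard config."""
    findings, peer_no = [], 0
    for name, kv in parse_wg(text):
        if name == "interface" and kv.get("listenport") != str(expected_port):
            findings.append(f"interface: ListenPort is not {expected_port}")
        elif name == "peer":
            peer_no += 1
            if "presharedkey" not in kv:
                findings.append(f"peer {peer_no}: no PresharedKey")
            for cidr in kv.get("allowedips", "").split(","):
                if not cidr.strip():
                    continue
                net = ipaddress.ip_network(cidr.strip(), strict=False)
                if net.prefixlen < net.max_prefixlen:
                    findings.append(f"peer {peer_no}: AllowedIPs {net} is wider than one host")
    return findings
```

A wide AllowedIPs entry is expected for a peer that routes a whole LAN, such as a home router; the finding is a prompt to confirm that the range is intended.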